author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 10:41:58 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-27 10:41:58 +0000 |
commit | 1852910ef0fd7393da62b88aee66ee092208748e (patch) | |
tree | ad3b659dbbe622b58a5bda4fe0b5e1d80eee9277 /distro/tests/ansible-roles/knot_resolver/tasks | |
parent | Initial commit. (diff) | |
Adding upstream version 5.3.1.upstream/5.3.1upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'distro/tests/ansible-roles/knot_resolver/tasks')
12 files changed, 189 insertions, 0 deletions
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/configure_dnstap.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/configure_dnstap.yaml
new file mode 100644
index 0000000..817b117
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/configure_dnstap.yaml
@@ -0,0 +1,10 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: dnstap_config set up kresd.conf
+ blockinfile:
+ marker: -- {mark} ANSIBLE MANAGED BLOCK
+ block: |
+ modules.load('dnstap')
+ assert(dnstap)
+ path: /etc/knot-resolver/kresd.conf
+ insertbefore: BOF
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh.yaml
new file mode 100644
index 0000000..1da1789
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh.yaml
@@ -0,0 +1,10 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh_config set up kresd.conf
+ blockinfile:
+ marker: -- {mark} ANSIBLE MANAGED BLOCK
+ block: |
+ net.listen('127.0.0.1', 44353, { kind = 'doh' })
+ modules.load('http')
+ path: /etc/knot-resolver/kresd.conf
+ insertbefore: BOF
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml
new file mode 100644
index 0000000..eebca20
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/configure_doh2.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh2_config set up kresd.conf
+ blockinfile:
+ marker: -- {mark} ANSIBLE MANAGED BLOCK
+ block: |
+ net.listen('127.0.0.1', 44354, { kind = 'doh2' })
+ path: /etc/knot-resolver/kresd.conf
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml
new file mode 100644
index 0000000..921df1b
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/main.yaml
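Review bot: The `marker: -- {mark} ANSIBLE MANAGED BLOCK` value in configure_dnstap.yaml is identical in configure_doh.yaml and configure_doh2.yaml, and all three tasks write to `/etc/knot-resolver/kresd.conf`, so blockinfile treats them as one managed block and each task replaces what the previous one wrote instead of adding to it. If that is intended, so that every feature is tested with only its own configuration, a comment such as `# shared marker on purpose: replaces the previous test's block` would make it visible; otherwise each task needs its own marker. Once the block exists, `insertbefore: BOF` presumably no longer moves it, so its position in the file is decided by whichever configure task runs first.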
@@ -0,0 +1,69 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: Include distribution specific vars
+ include_vars: "{{ distro }}.yaml"
+
+- name: Update all packages
+ package:
+ name: '*'
+ state: latest
+ when: update_packages|bool
+
+- name: Install packages
+ package:
+ name: "{{ packages }}"
+ state: latest
+
+- name: Always print package version at the end
+ block:
+
+ - include: restart_kresd.yaml
+
+ - include: test_udp.yaml
+ - include: test_tcp.yaml
+ - include: test_tls.yaml
+ - include: test_dnssec.yaml
+
+ - include: test_kres_cache_gc.yaml
+
+ - name: Test DoH (new implementation)
+ block:
+ - include: configure_doh2.yaml
+ - include: restart_kresd.yaml
+ - include: test_doh2.yaml
+
+ - name: Test DoH (legacy)
+ block:
+ - name: Install knot-resolver-module-http
+ package:
+ name: knot-resolver-module-http
+ state: latest
+
+ - include: configure_doh.yaml
+ when: ansible_distribution in ["CentOS", "Fedora", "Debian", "Ubuntu"]
+
+ - include: restart_kresd.yaml
+ - include: test_doh.yaml
+ when: distro in ["Fedora", "Debian", "CentOS"] or (distro == "Ubuntu" and ansible_distribution_major_version|int >= 18)
+
+ - name: Test dnstap module
+ block:
+ - name: Install knot-resolver-module-dnstap
+ package:
+ name: knot-resolver-module-dnstap
+ state: latest
+ - include: configure_dnstap.yaml
+ - include: restart_kresd.yaml
+ when: distro in ["Fedora", "Debian", "CentOS", "Ubuntu"]
+
+ always:
+
+ - name: Get installed package version
+ shell: "{{ show_package_version }}"
+ args:
+ warn: false
+ register: package_version
+
+ - name: Show installed version
+ debug:
+ var: package_version.stdout
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/restart_kresd.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/restart_kresd.yaml
new file mode 100644
index 0000000..00dbf5d
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/restart_kresd.yaml
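Review bot: In main.yaml the "Test DoH (legacy)" block is gated on `distro`, while the `configure_doh.yaml` include inside it carries its own `when:` on `ansible_distribution`, so two different variables decide whether the same test is configured and whether it runs. The inner list looks like a superset of the outer condition, which makes it redundant today; if the two ever diverge, `test_doh.yaml` would run against a resolver that was never given the DoH listener. I would drop the inner `when:` or express it with `distro` so the block has a single condition. A one-line comment on `always:` saying that the version is printed even when a test fails would also explain the outer block's name.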
@@ -0,0 +1,16 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- block:
+ - name: Restart kresd@1.service
+ service:
+ name: kresd@1.service
+ state: restarted
+ rescue:
+ - name: Get kresd@1.service journal
+ shell: journalctl -u kresd@1 --since -20s
+ register: journal
+ - name: Print journal
+ debug:
+ var: journal
+ - name: Restart kresd@*.service failed, see log above
+ shell: /bin/false
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_dnssec.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_dnssec.yaml
new file mode 100644
index 0000000..52bbbb2
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_dnssec.yaml
@@ -0,0 +1,15 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: dnssec_test bogussig.bad-dnssec.wb.sidnlabs.nl. +cd returns NOERROR
+ tags:
+ - test
+ shell: kdig +cd @127.0.0.1 bogussig.bad-dnssec.wb.sidnlabs.nl.
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout'
+
+- name: dnssec_test bogussig.bad-dnssec.wb.sidnlabs.nl. returns SERVFAIL
+ tags:
+ - test
+ shell: kdig @127.0.0.1 bogussig.bad-dnssec.wb.sidnlabs.nl.
+ register: res
+ failed_when: '"status: SERVFAIL" not in res.stdout'
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml
new file mode 100644
index 0000000..2c200e1
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh.yaml
@@ -0,0 +1,9 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh_test query localhost. A
+ get_url:
+ url: https://127.0.0.1:44353/doh?dns=1Y0BAAABAAAAAAAACWxvY2FsaG9zdAAAAQAB
+ sha256sum: e5c2710e6ecb78c089ab608ad5861b87be0d1c623c4d58b4eee3b21c06aa2008
+ dest: /tmp/doh_test
+ mode: 0644
+ validate_certs: false
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml
new file mode 100644
index 0000000..32cf295
--- /dev/null
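Review bot: The rescue path in restart_kresd.yaml ends with `shell: /bin/false`, which stops the play but reports only a non-zero return code; the `fail` module with a `msg:` along the lines of "kresd@1.service failed to restart, see journal above" states the reason in the task result itself. The task name also says `kresd@*.service` although only `kresd@1.service` is restarted. More generally, `shell:` is used here and in test_udp.yaml, test_tcp.yaml, test_tls.yaml, test_dnssec.yaml and test_kres_cache_gc.yaml for commands that need no shell features; `command:` avoids passing the arguments through a shell at all.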
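Review bot: In test_doh.yaml `get_url` combines a fixed `dest: /tmp/doh_test` with the expected `sha256sum`, and as far as I know get_url skips the download when the destination already exists with a matching checksum. test_doh2.yaml writes the same path with the same expected hash in its curl branch, and any earlier run leaves the file behind, so this task can pass without port 44353 ever being queried. Adding `force: true`, or a per-test destination such as `dest: /tmp/doh_legacy_test` (name constructed for illustration), closes that gap. `validate_certs: false` is acceptable against the loopback listener's self-signed certificate but deserves a one-line comment saying so, and `mode: 0644` is safer quoted as `'0644'`.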
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_doh2.yaml
@@ -0,0 +1,24 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: doh2_test check kdig https support
+ shell: kdig --help | grep -q '+\S*https'
+ register: kdig_https
+ ignore_errors: true
+
+- name: doh2_test query localhost. A
+ # use curl instead of ansible builtins (get_url/uri)
+ # because they currently use unsupported HTTP/1.1
+ shell: |
+ curl -k -o /tmp/doh_test https://127.0.0.1:44354/doh?dns=1Y0BAAABAAAAAAAACWxvY2FsaG9zdAAAAQAB
+ echo "e5c2710e6ecb78c089ab608ad5861b87be0d1c623c4d58b4eee3b21c06aa2008 /tmp/doh_test" > /tmp/doh_test.sha256
+ sha256sum --check /tmp/doh_test.sha256
+ args:
+ # disable warning about using curl - we know what we're doing
+ warn: false
+ when: kdig_https is failed
+
+- name: doh2_test kdig localhost. A
+ shell: |
+ kdig @127.0.0.1 -p 44354 +https nic.cz || exit 1
+ kdig @127.0.0.1 -p 44354 +https-get nic.cz || exit 2
+ when: kdig_https is succeeded
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_kres_cache_gc.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_kres_cache_gc.yaml
new file mode 100644
index 0000000..3a7c9c9
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_kres_cache_gc.yaml
@@ -0,0 +1,4 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: check kres-cache-gc.service is active
+ shell: systemctl is-active -q kres-cache-gc.service
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_tcp.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_tcp.yaml
new file mode 100644
index 0000000..1af18fd
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_tcp.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: tcp_test resolve nic.cz
+ tags:
+ - test
+ shell: kdig +tcp @127.0.0.1 nic.cz
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout'
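Review bot: The curl branch in test_doh2.yaml never checks curl's exit status: the `shell: |` script has no `set -e`, so only the final `sha256sum --check` decides the task result. Because `/tmp/doh_test` is a fixed path that test_doh.yaml and earlier runs also write, a refused or failed request can leave an older file in place and the checksum still matches. I would start the script with `rm -f /tmp/doh_test` and make the request `curl -fsS -k -o /tmp/doh_test 'https://127.0.0.1:44354/doh?dns=1Y0BAAABAAAAAAAACWxvY2FsaG9zdAAAAQAB' || exit 1`, which also keeps the shell from treating the `?` in the URL as a glob character. The `-k` is reasonable for the loopback listener's self-signed certificate, and the existing comment above the script could say that too.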
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_tls.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_tls.yaml
new file mode 100644
index 0000000..c780657
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_tls.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: tls_test resolve nic.cz
+ tags:
+ - test
+ shell: kdig +tls @127.0.0.1 nic.cz
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout'
diff --git a/distro/tests/ansible-roles/knot_resolver/tasks/test_udp.yaml b/distro/tests/ansible-roles/knot_resolver/tasks/test_udp.yaml
new file mode 100644
index 0000000..64023ff
--- /dev/null
+++ b/distro/tests/ansible-roles/knot_resolver/tasks/test_udp.yaml
@@ -0,0 +1,8 @@
+---
+# SPDX-License-Identifier: GPL-3.0-or-later
+- name: udp_test resolve nic.cz
+ tags:
+ - test
+ shell: kdig @127.0.0.1 nic.cz
+ register: res
+ failed_when: '"status: NOERROR" not in res.stdout' |